Deep speech classification has achieved tremendous success and greatly promoted the emergence of many real-world applications. However, backdoor attacks present a new security threat to it, particularly with untrustworthy third-party platforms, as pre-defined triggers set by the attacker can activate the backdoor. Most of the triggers in existing speech backdoor attacks are sample-agnostic, and even if the triggers are designed to be unnoticeable, they can still be audible. This work explores a backdoor attack that utilizes sample-specific triggers based on voice conversion. Specifically, we adopt a pre-trained voice conversion model to generate the trigger, ensuring that the poisoned samples do not introduce any additional audible noise. Extensive experiments on two speech classification tasks demonstrate the effectiveness of our attack. Furthermore, we analyzed the specific scenarios that activated the proposed backdoor and verified its resistance against fine-tuning.